On Tue, May 09, 2017 at 09:50:19AM +0200, David Coppa wrote: > Hi! > > Fixes for: > > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105 > > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287 > > From upstream via Arch Linux. > > Patches for -current and 6.1. > > Ok?
ok. Looking at `git log --grep oss-fuzz` in the freetype repo[1] I see many more fixes fixes from the Google fuzzing project. Unfortunatly I don't have time to look at them closely. Do you know if these other bugs are still beeing discussed somewhere as needing CVE-IDs or if they are considered harmless and will only be shipped in Freetype 2.8 ? [1] git://git.sv.nongnu.org/freetype/freetype2.git -- Matthieu Herrb